<?php
/*
  $Id: login.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2002 osCommerce

  Released under the GNU General Public License

  Includes Contribution:
  Access with Level Account (v. 2.2a) for the Admin Area of osCommerce (MS2)

  This file may be deleted if disabling the above contribution
*/

  require('includes/application_top.php');
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

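  // Handle a submitted "forgotten password" form (?action=process).
  // The outcome is published in $HTTP_GET_VARS['login'] ('success' or 'fail') and read
  // by the message block further down this page; $log_times is read there as well.
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    // Accept plain strings only: an array-valued or missing POST field is treated as empty.
    $email_address = (isset($HTTP_POST_VARS['email_address']) && is_string($HTTP_POST_VARS['email_address'])) ? tep_db_prepare_input($HTTP_POST_VARS['email_address']) : '';
    $firstname = (isset($HTTP_POST_VARS['firstname']) && is_string($HTTP_POST_VARS['firstname'])) ? tep_db_prepare_input($HTTP_POST_VARS['firstname']) : '';

    // The attempt counter round-trips through a hidden form field, so the client
    // controls it. The cast keeps the arithmetic defined for any submitted value.
    // NOTE(review): this counter is advisory only; real throttling needs
    // server-side state (per account and per source address) - confirm whether
    // anything outside this file provides it.
    $log_times = (isset($HTTP_POST_VARS['log_times']) ? (int)$HTTP_POST_VARS['log_times'] : 0) + 1;
    if ($log_times >= 4) {
      tep_session_register('password_forgotten');
    }

    // Once the session is flagged, the page shows TEXT_FORGOTTEN_FAIL; refuse to
    // process the request as well, so the lockout is not display-only.
    $locked_out = ($log_times >= 4) || tep_session_is_registered('password_forgotten');

    if ($locked_out || ($email_address == '') || ($firstname == '')) {
      // Blank input must never match an account row with an empty first name.
      $HTTP_GET_VARS['login'] = 'fail';
    } else {
// Check if email exists
      $check_admin_query = tep_db_query("select admin_id as check_id, admin_firstname as check_firstname, admin_lastname as check_lastname, admin_email_address as check_email_address from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
      if (!tep_db_num_rows($check_admin_query)) {
        $HTTP_GET_VARS['login'] = 'fail';
      } else {
        $check_admin = tep_db_fetch_array($check_admin_query);
        // Strict string comparison: loose != treats numeric-looking strings such as
        // '1' and '01' as equal. Both failure paths set the same flag, so the
        // response does not reveal whether the e-mail address exists.
        if ((string)$check_admin['check_firstname'] !== (string)$firstname) {
          $HTTP_GET_VARS['login'] = 'fail';
        } else {
          $HTTP_GET_VARS['login'] = 'success';

          // Build an 8-character replacement password.
          // The previous version seeded rand() from microtime() and indexed with
          // "% 33", which made the output predictable from the request time and
          // limited it to the first 33 characters of the alphabet (no digits).
          function randomize() {
            // Alphabet typos corrected ('WXWZ' -> 'WXYZ', 'abchefgh' -> 'abcdefgh') so
            // no character is listed twice.
            $salt = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz0123456789";
            $last = strlen($salt) - 1;
            $pass = '';

            for ($i = 0; $i < 8; $i++) {
              if (function_exists('random_int')) {
                // CSPRNG-backed and free of modulo bias.
                $num = random_int(0, $last);
              } else {
                // Legacy runtime without random_int(): mt_rand() is NOT
                // cryptographically secure; upgrade PHP or supply a CSPRNG polyfill.
                $num = mt_rand(0, $last);
              }
              $pass .= substr($salt, $num, 1);
            }
            return $pass;
          }
          $makePassword = randomize();

          // NOTE(review): e-mail address plus first name is the only proof of identity
          // here, and the new password is mailed in clear text and stays valid until
          // changed. A single-use, expiring reset link that leaves the current password
          // untouched until redeemed would be a stronger design.
          // The query aliases the column as check_lastname; the former
          // 'admin_lastname' key did not exist in the fetched row.
          tep_mail($check_admin['check_firstname'] . ' ' . $check_admin['check_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
          // Only the hashed form is stored; the id is cast so the value placed in the
          // statement is always an integer.
          tep_db_query("update " . TABLE_ADMIN . " set admin_password = '" . tep_encrypt_password($makePassword) . "' where admin_id = '" . (int)$check_admin['check_id'] . "'");
        }
      }
    }
  }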

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<?php require(DIR_FS_TEMPLATE . 'scripts/javascript.php'); ?>
<link rel="stylesheet" href="<?php echo DIR_WS_TEMPLATE ?>css/style.css" type="text/css">
</head>
<body>

<?php require(DIR_FS_TEMPLATE . 'template.php'); ?>

<?php echo tep_draw_form('login', FILENAME_PASSWORD_FORGOTTEN, 'action=process'); ?>

<table cellspacing="0" cellpadding="3" width="95%" align="center">
 <tr>
  <td class="Heading1"><?php echo HEADING_PASSWORD_FORGOTTEN; ?></td>
 </tr>
 <tr>
  <td class="body">
   <div>
<?php
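  // Choose the status line shown above the form.
  // 'login' is set by the request handler at the top of this page, but it is also a
  // plain query-string parameter: it may be absent (first visit) or supplied by the
  // visitor, so it is read defensively and must only ever select a message.
  $login_state = isset($HTTP_GET_VARS['login']) ? $HTTP_GET_VARS['login'] : '';
  if ($login_state === 'success') {
    $success_message = TEXT_FORGOTTEN_SUCCESS;
  } elseif ($login_state === 'fail') {
    $info_message = TEXT_FORGOTTEN_ERROR;
  }

  if (tep_session_is_registered('password_forgotten')) {
    // Session flagged after repeated attempts: the lockout text wins over everything else.
    echo TEXT_FORGOTTEN_FAIL;
  } elseif (isset($success_message)) {
    echo $success_message;
  } elseif (isset($info_message)) {
    echo $info_message;
    // $log_times exists only when the form was processed in this request; fall back
    // to '0' when 'login=fail' arrived without a submission.
    echo tep_draw_hidden_field('log_times', isset($log_times) ? $log_times : '0');
  } else {
    echo "Please enter your Name and Email Address below.\n";
    echo tep_draw_hidden_field('log_times', '0');
  }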
?>
   </div>
  </td>
 </tr>
 <tr>
  <td>
  </td>
 </tr>
 <tr>
  <td class="body">
   <table class="Panel" cellspacing="0" cellpadding="2" border="0">
    <tr>
     <td class="Heading2" colspan="2">&nbsp;Request a new Password</td>
    </tr>
    <tr>
     <td nowrap class="SmallFieldLabel">&nbsp;&nbsp;&nbsp;<?php echo ENTRY_FIRSTNAME; ?></td>
     <td>
      <?php echo tep_draw_input_field('firstname'); ?>
     </td>
    </tr>
    <tr>
     <td nowrap class="SmallFieldLabel">&nbsp;&nbsp;&nbsp;<?php echo ENTRY_EMAIL_ADDRESS; ?></td>
     <td>
      <?php echo tep_draw_input_field('email_address'); ?>
     </td>
    </tr>
    <tr>
     <td>&nbsp;</td>
     <td>
	<div class="buttons">
	<button type="submit" class="positive">
        <img src="<?php echo DIR_WS_TEMPLATE ?>images/icon_padlock.gif" alt=""/> 
        Send New Password
    	</button>
	</div>
     </td>
    </tr>
    <tr>
     <td class="Gap"></td></tr>
    <tr>
     <td>&nbsp;</td>
     <td>
     </td>
    </tr>
    <tr>
     <td class="Gap"></td>
    </tr>
   </table>
  </td>
 </tr>
</table>
</form>

<table align="center" border="0" cellspacing="0" cellpadding="2">
 <tr>
  <td><?php require(DIR_WS_INCLUDES . 'footer.php'); ?></td>
 </tr>
</table>


</body>

</html>
